
I am having trouble with authentication. When I try to connect to the identity server, it throws an error. I can log in successfully when I am on the identity server itself, but when I try to connect to it from my web app, it throws the error below.

Anyone able to look and see what I have done wrong?

Error: "No Authentication handler is configured to handle the scheme: oidc"

I am using the following code in my Website Startup.cs

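        // Keep the claim names exactly as the token issues them instead of letting
        // the JWT handler remap them to its legacy inbound claim types.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        // Both handlers are registered under their default scheme names
        // (CookieAuthenticationDefaults / OpenIdConnectDefaults). Any explicit
        // Challenge/SignOut call elsewhere in the app has to use those same
        // constants; a literal "oidc" resolves only when AddOpenIdConnect is
        // registered under that name.
        services.AddAuthentication(options =>
        {
            options.DefaultScheme =
                CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme =
                OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // The cookie handler persists the identity once the OIDC sign-in completes.
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "http://localhost:5000"; // Auth Server
            // Discovery metadata is fetched over plain HTTP here; only for development.
            options.RequireHttpsMetadata = false;
            options.ClientId = "mvc"; // client setup in Auth Server
            // Send the shared secret as configured, not a hash of it. The auth
            // server registers the client with new Secret(value.Sha256()) and hashes
            // whatever the client presents before comparing, so hashing on this side
            // as well makes the comparison fail (typically reported as invalid_client).
            // NOTE(review): this setting must hold the same plain secret the auth
            // server reads from its own "secret" setting - confirm both values match.
            options.ClientSecret = Configuration["Identity_Server:Client_Secret"];
            options.ResponseType = "code id_token"; // means Hybrid flow
            options.Scope.Add("API1");
            options.GetClaimsFromUserInfoEndpoint = true;
            // Keeps the received tokens with the sign-in session so they can be read back later.
            options.SaveTokens = true;
        });

        services.AddMvc();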

I am using the following in my Identity Startup.cs

        // EF Core context, pointed at the "MySQL" connection string.
        services.AddDbContext<DbContext>(dbOptions =>
        {
            dbOptions.UseMySQL(Configuration.GetConnectionString("MySQL"));
        });

        // ASP.NET Core Identity: user/role stores on the context above plus the
        // default token providers.
        var identityBuilder = services.AddIdentity<ApplicationUser, IdentityRole>();
        identityBuilder.AddEntityFrameworkStores<DbContext>();
        identityBuilder.AddDefaultTokenProviders();

        // Add application services.
        services.AddTransient<IEmailSender, EmailSender>();

        var config = new Config(Configuration);

        // IdentityServer with resources and clients held in memory and wired to the
        // ASP.NET Identity user type.
        var identityServerBuilder = services.AddIdentityServer();
        // Developer signing credential kept in "tempkey.rsa"; intended for
        // development. NOTE(review): use a properly managed signing key anywhere
        // tokens have to be trusted beyond a local setup.
        identityServerBuilder.AddDeveloperSigningCredential(filename: "tempkey.rsa");
        identityServerBuilder.AddInMemoryIdentityResources(config.GetIdentityResources());
        identityServerBuilder.AddInMemoryApiResources(config.GetApiResources());
        identityServerBuilder.AddInMemoryClients(config.GetClients());
        identityServerBuilder.AddAspNetIdentity<ApplicationUser>();

        services.AddMvc();

I am using the following in my config file

    private static IConfiguration _config;

    /// <summary>
    /// Stores the application configuration that the client definitions read their secret from.
    /// </summary>
    /// <param name="configuration">Configuration source to keep.</param>
    /// <remarks>
    /// The value is written to a static field, so it is shared by every instance and the
    /// most recently constructed instance determines it.
    /// </remarks>
    public Config(IConfiguration configuration) => _config = configuration;

    /// <summary>
    /// Builds the list of clients registered with the identity server: a single
    /// hybrid-flow client with the id "mvc".
    /// </summary>
    /// <returns>A list containing the one "mvc" client definition.</returns>
    public IEnumerable<Client> GetClients()
    {
        // Only the SHA-256 hash of the configured "secret" value is registered;
        // the client application presents the plain value.
        var hashedSecret = _config["secret"].Sha256();

        var mvcClient = new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            AllowedGrantTypes = GrantTypes.Hybrid,
            // No consent screen is shown for this client.
            RequireConsent = false,
            ClientSecrets =
            {
                new Secret(hashedSecret)
            },
            // Plain-HTTP localhost callbacks. NOTE(review): development values;
            // these must match the URLs the client application really uses.
            RedirectUris           = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "API1"
            },
            // Lets the client ask for refresh tokens.
            AllowOfflineAccess = true
        };

        return new List<Client> { mvcClient };
    }

    /// <summary>
    /// Lists the identity resources the server exposes: OpenId and Profile.
    /// </summary>
    /// <returns>A list holding the OpenId and Profile identity resources, in that order.</returns>
    public IEnumerable<IdentityResource> GetIdentityResources()
    {
        var resources = new List<IdentityResource>();
        resources.Add(new IdentityResources.OpenId());
        resources.Add(new IdentityResources.Profile());
        return resources;
    }

    /// <summary>
    /// Lists the API resources the server protects: the single resource "API1".
    /// </summary>
    /// <returns>A list holding the "API1" resource.</returns>
    public IEnumerable<ApiResource> GetApiResources()
    {
        // The name "API1" is the scope string that clients request.
        var api = new ApiResource("API1", "Allow to Manage API1");
        var resources = new List<ApiResource>();
        resources.Add(api);
        return resources;
    }

1 Answer 1


You need the scheme name, the challenge scheme and the handler all defined explicitly, so that they match, like this:

/// <summary>
/// Registers MVC and cookie + OpenID Connect authentication, with both handlers
/// registered under explicit scheme names.
/// </summary>
/// <param name="services">Service collection to add the registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
  // The scheme names are spelled out once so that the defaults and the handler
  // registrations cannot drift apart; a challenge for "oidc" needs a handler
  // registered under exactly that name.
  const string cookieScheme = "Cookies";
  const string oidcScheme = "oidc";

  services.AddMvc();

  // Keep the claim names as issued rather than the handler's remapped claim types.
  JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

  var authentication = services.AddAuthentication(options =>
  {
      options.DefaultScheme = cookieScheme;
      options.DefaultChallengeScheme = oidcScheme;
  });

  authentication.AddCookie(cookieScheme);

  authentication.AddOpenIdConnect(oidcScheme, options =>
  {
      // The cookie handler persists the identity after the OIDC sign-in completes.
      options.SignInScheme = cookieScheme;

      options.Authority = "http://localhost:5000";
      // Discovery metadata over plain HTTP: acceptable only on a development machine.
      options.RequireHttpsMetadata = false;

      options.ClientId = "mvc";
      // Keeps the received tokens with the sign-in session so they can be read back later.
      options.SaveTokens = true;
  });
}

http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html


4 Comments

I wondered if you could help with an error that followed. Error: "Message contains error: 'Invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'"
@Max Hmm, not sure. In the docs mvc is added before identity server, does that help?
It appears to be an issue with the redirect
Afraid I can't help at the moment :/
